We need to remove programs using "Programs and Features"
Click the "Start" orb on the taskbar, and then click the "Control Panel" button.
- If you use Category mode, click on Uninstall a Program.
- If you use Icons mode, click on Program and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":
McAfee Security Scan Plus
Additional instructions can be found here if needed.
We need to run a fix with FRST:
- Press the windows key + r on your keyboard at the same time. Type in notepad and press Enter.
- Copy and paste the script below in the notepad document:
HKLM\...\Run: [gpuminer] => C:\Users\Zeynep\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpm.exe [1423640 2015-09-18] ()
HKLM-x32\...\Run:  => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2726754244-3849916721-1666984765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
- Save the file to your desktop and name it as fixlist.txt
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
- Run FRST.exe/FRST64.exe and press the Fix button just once and wait
- If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
- When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
- Please copy and paste the log in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
- The tool will start to update the database, please wait a bit.
- Click on I agree button.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
~If I am helping you and you have not had a reply from me in two days, please send me a PM~
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here
~Twitter~ | ~Malware Analyst at Emsisoft~